The Linux Intrusion Detection System (LIDS) is a kernel patch for both 2.4 and 2.6 kernels that adds Mandatory Access Control (MAC) and other security enhancements to the Linux kernel. The main feature of LIDS is its ability to limit the power of the root account. LIDS uses Access Control Lists (ACLs) to control access to files, processes, and network resources. Once these permissions are set, they cannot be overridden, even if a user or process has root privileges. You may be wondering why anyone would choose LIDS over its more popular counterpart, SELinux. Both have their advantages. Both add MAC and the ability to limit the damage that can be done by the root account. There are two reasons why you may want to consider LIDS instead of SELinux.

First, LIDS is easier to implement on a wide range of Linux distributions. This is because LIDS ACLs are easier to configure than SELinux policies. SELinux policies are notoriously hard to implement correctly. For many distributions, using SELinux will not be a realistic choice unless they ship with pre-defined SELinux policies.

The link for this article located at Linux.com is no longer available.